Identity Theft Awareness

2017 was a record year for data breaches (the most common way personal information is stolen).  According to the Identity Theft Resource Center, there were 1,339 breaches reported, compromising over 174 million records, about 21% higher than last year's record number.  Half of these breaches were in the business sector, including the Equifax breach, accounting for 91% of the exposed records. While the Equifax breach exposed very private data on 50% of the US population, not much of this has surfaced in fraud use.  Why not? Likely because the theft was a foreign government that sponsored the theft, and they are still sifting through the data for the low-hanging fruit (members of Congress or Senate, famous people, etc.), but within a year, it will surface.  Hey, people can't change their birthday or Social Security Number easily.  That is why I've encouraged people to get professional help to monitor their personal data. By the time you discover it yourself, you...

#idtheft It comes around periodically. A scam where a senior citizen gets a phone call from either a young person claiming to be a grandson, or someone who says they are an attorney representing the grandson, saying that the grandparent needs to wire some money to bail out the grandchild. Because of social media posting, it isn't difficult for the scammer to get enough personal information to make the scam believable.  Many seniors get taken for thousands of dollars with this scam.  If you get such a call, investigate! Don't promise to wire any money until you can talk to the parents.  Maybe not even then.  Don't become a victim. Another telephone scam that hits seniors is someone representing Medicare or the IRS calls to say that someone has fraudulently used the senior's information, then asks to verify the Social Security Number.  Understand that these agencies never call.  You will get a letter instead.  Always refuse to cooperate, then call the...

PayPal recently bought a payment company TIO Networks, only to find there was a data breach that exposed 1.6 million TIO customers, including customer names and addresses, social security numbers, and login credentials. PayPal immediately shutdown the TIO operations until it could analyze and rectify the breach.  PayPal says its own customer data is not affected, because the two networks are separate. A related article:   https://www.zacks.com/stock/news/284875/paypals-newly-acquired-unit-tio-networks-suffers-data-breach #idtheft Identity theft

A new scheme to steal identities has arisen: submit a "Hold Mail" request through the USPS website, then go by and pick it up later.  #idtheft Often there are letters offering lines of credit -- banks, department stores, etc. -- especially at this time of year.  With the mail being held, you won't get those offers or even know they came.  The thief picks up the mail, fills out the applications with a different address, gets the cards, and charges away. By the time the creditor gets the bill properly to you, you owe tons of money.  Or your credit is shot for not paying your bill. The postal service acknowledges this happens, and is very easy to do. Services like IDShield (http://idtheft.nscky.com) and Lifelock will watch for change of address and new accounts and alert you.  Otherwise, you might never know until too late. Related article: http://abc30.com/new-identity-theft-scheme-scammers-use-us-postal-service-to-steal-information/2828711/

 According to the Identity Theft Resource Center (ITRC) today, there has been 519 data breaches -- a record number -- reported thus far in 2015.  Businesses and the healthcare industry account for nearly 75% of the reported breaches, with banking accounting for another 9%, and education and government breaches accounting for the balance of 16%.    Of course, these are just the reported breaches.  Some entities choose not to report them, or they haven't been discovered yet.  Historically, many months go by before breaches are discovered.   Without trying to sound like a salesman, it is no longer a valid option to ignore identity theft, hoping it won't happen.  All of us have had our information compromised.  It is just a matter of whether our information will be used in a fraud.  If you do not have a strong identity theft protection service, get one. I recommend IDShield from LegalShield.  Take a look at it at my website http://IDSol...

It was just announced that United Airlines, Sabre Corp, and likely American Airlines, may have been hacked some time ago, probably at or near the same time that Anthem HealthCare and the OPM were hacked, according to folks knowledgeable of the cybersecurity probes.  Quite possibly, the hackers moved through the Sabre system into the American Airlines system, since they share some infrastructure.  The digital "fingerprints" of the hackers, while not identical in each of the systems, are close enough to say they were from the same group.  For example, hacker IP addresses in the American Airlines breach were the same as those in the government's Office of Personnel Management (OPM) hack. Information stolen from Sabre included the reservation records on more than a billion travelers per year across the globe and may be combined with the United and American Airlines flight manifests and passenger info and the OPM breach data to blackmail executives and government officials o...

In April, 2015, it was discovered -- almost by accident -- that 4.2 million current and former government employees had been stolen.  Bad as that was, in June, it was revealed that the real number was over 21 million, which included people who had applied for government jobs or had background checks and their families.  Stolen information included Social Security numbers, birthdays, home addresses, user names and passwords, background information, and even fingerprints. Although the original 4.2 million victims have been notified if they were affected, so far, no one has been notified from the larger group. The forensics suggest that the Chinese were behind the breach, but no one is officially pursuing the Chinese for this. Along with the risk of financial misuse, victims whose background information was stolen could potentially be blackmailed, since looking for compromising situations were why they were having the background checks in the first place. So if you wer...

Well, I haven't died.  Just lost track of time, I suppose.  Got focused on other outlets for my thoughts. But now I need to dust off the blog and start communicating again on this topic. Identity theft is much worse than when I last took keyboard in hand and made a posting here in 2012. Much worse. Just in 2014, one of the largest breaches in history occurred when Anthem Blue Cross was hacked.  Over 80 million records were stolen -- that is 1 in every 4 Americans -- with critical pieces of personal information compromised, such as Social Security Number, birthday, and medical card, to mention a few. Late last year also was the announcement that the IRS was compromised, with  tax information stolen from over 200,000 individuals. Most recently, the government's Office of Personnel Management was hacked, exposing the personal information of over 14 million people. (I'll say more about this breach an another blog post.) The severity of the breaches is staggering. ...

   Utah -- and therefore all of us -- has a problem.  In early April, it was announced that the Health Services department had been hacked, probably by someone in Eastern Europe, and nearly one million Social Security numbers and corresponding data were stolen -- that's one in six Utah residents. An article: http://tinyurl.com/7k7v8wh    As bad as that sounds, the worse thing (to me) is that many of these are children -- Children's Health Insurance Plan (CHIP) recipients .  A child's Social Security number can be used for many years before it is discovered.    Why might this be bad for the rest of us?  The weakness in security that led to Utah's hack may be in other states' systems.  Certainly, the ease with which the thieves broke into Utah's computers will encourage them or other thieves to try to break into other systems.    I'm just glad I've got LegalShield's Identity Theft Shield.  No plan protects 100%, but wit...

Password maintenance is a pain.  Anyone active on the network knows how difficult it is to keep track of passwords.  The temptation is to keep the same password for everything and keep it simple.  I've found that a service called Lastpass.com is a way to manage passwords with one login.  It helps, but isn't perfect. Did you know that the most common password is "Password1"?  (Oops -- did I just guess your password?)  Read this very interesting article on the topic of password complexity. The Lastpass.com site I mentioned above allows you to generate very complex passwords for your various sites, then it keeps track of those complex passwords for you.  Pretty handy, really, unless you need to manually enter those passwords.  An alternative I've used is to create a password that has something static and something that varies, but both are easy to remember yet hard to guess.  Let me explain. Take a phrase that describes something about yo...